The reason why this is not possible is, as the others have stated, that a signed message cannot be forged. Of course, an attacker is able to sign any message, but only with a private key belonging to their own public key / certificate.
So what happens is that:
- Alice signs the message with her private key, indicating her public key / certificate;
- Alice encrypts the signed message with Bob's public key (as PGP uses sign-then-encrypt);
- Bob receives the message and decrypts it using his private key;
- Bob gets the key ID of Alice and looks up her public key / certificate, finding out it is her;
- Bob verifies that the signature under the message is that of Alice.
Now Mallory (the MitM using the normal names) can obviously send encrypted messages to Bob; however, she cannot decrypt the message of Alice as she doesn't have Bob's private key.
With regard to signature generation: Mallory could put down her own signature and change the ID, but then the message would not be from Alice.
Of course, this does require that the public key / certificate of Alice is known and trusted in advance by Bob, otherwise Mallory could create a key pair and send the public key / certificate to Bob, impersonating Alice. With PGP that trust is created using a web of trust.
As that web of trust has never been all that secure for PGP, it is highly recommended to establish trust directly, e.g. by mailing the certificate and then verifying the key fingerprint over the phone. PGP has been designed with this in mind (e.g. establishing an easy-to-verify fingerprint system and requiring explicit trust of the public keys / certificates within the trust store).
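Bob's lookup-and-verify steps and Mallory's options from the answer above, as an added example (not part of the original answer and not code from any PGP implementation). It uses unpadded textbook RSA over fixed Mersenne primes as a stand-in for real OpenPGP signatures; the function names, fingerprint format and messages are constructed for illustration, and the encryption layer is left out.

```python
import hashlib

E = 65537  # public exponent for both toy keys

def make_key(p, q):  # textbook RSA: toy-sized, unpadded, illustration only
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def fingerprint(n):  # constructed format (SHA-256 of the modulus), not OpenPGP's
    return hashlib.sha256(str(n).encode()).hexdigest()

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    # The signed message names its signer only by key ID; it carries no key.
    return {"msg": msg, "key_id": fingerprint(key["n"]),
            "sig": pow(digest(msg, key["n"]), key["d"], key["n"])}

def verify(signed, trust_store):
    # Bob's steps: look the key ID up in his own store, then check the signature.
    entry = trust_store.get(signed["key_id"])
    if entry is None:
        return ("unknown key", None)
    owner, n = entry
    if pow(signed["sig"], E, n) != digest(signed["msg"], n):
        return ("bad signature", None)
    return ("valid", owner)

alice = make_key(2**89 - 1, 2**107 - 1)
mallory = make_key(2**61 - 1, 2**127 - 1)
# Bob pinned Alice's key after checking its fingerprint out of band.
bob_store = {fingerprint(alice["n"]): ("Alice", alice["n"])}

def scenarios():
    genuine = sign(b"Meet at noon", alice)
    resigned = sign(b"Meet at midnight", mallory)  # Mallory's own signature
    # A store where Mallory's key was accepted as "Alice" without a fingerprint check.
    unverified = {**bob_store, fingerprint(mallory["n"]): ("Alice", mallory["n"])}
    return {
        "genuine": verify(genuine, bob_store),
        "altered text": verify({**genuine, "msg": b"Meet at midnight"}, bob_store),
        "re-signed": verify(resigned, bob_store),
        "re-signed, ID changed": verify({**resigned, "key_id": genuine["key_id"]}, bob_store),
        "unverified key": verify(resigned, unverified),
    }

print(scenarios())
```

Only the last case is accepted as coming from Alice, and only because the store it runs against never had the fingerprint checked.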